This invention relates generally to data security, and more particularly to cryptographic systems and methods for securing data transmissions over a communications network.
Enterprises which communicate data either internally between enterprise locations or externally with other entities are increasingly facing the need to secure their data, both to protect the privacy of the communications, as well to ensure its integrity. This is true even of companies with private data communications networks, since increasingly such networks rely upon leased communication lines from telecommunication providers, such as the telephone companies. Even dedicated leased lines must pass through central routing and switching systems where the company leasing the line has no control over access to the line. With today's digital infrastructure, there is no longer the concept of a physical leased line from endpoint to endpoint. All wide area traffic is multiplexed and demultiplexed by the central office (telephone company) and other carriers. Therefore, the physical access to the "leased line" is no longer necessary since the digital switches at the central offices can be programmed to wiretap any circuit. Moreover, many wideband communication lines such as T1 or T3 lines are transmitted by radio frequency, and are subject to intercept.
With the advent of the Internet and the ease with which the communications may be established over wide geographical areas, many companies which previously did not interconnect their facilities are now finding it convenient to do so. Moreover, many companies communicate with others via e-mail. Accordingly, there is an increasing need for cost-effective and scalable data security products to satisfy the needs of a broad range of users from the individual consumer to the large corporation.
There are a number of cryptographic and other privacy systems available which may be used for securing data. These include symmetrical cryptographic systems, such as the National Bureau of Standards Data Encryption Standard (DES), also known as the Data Encryption Algorithm (DEA), which is very useful within a given organization where all the parties communicating have the same cryptographic key. Privacy systems also include public key cryptographic systems which enable private communications between parties who do not each possess the same cryptographic key. Public key cryptography systems are also useful for authenticating the identity of the parties communicating.
Current approaches to data security isolate the cryptography process into a particular system element, generally either in hardware or in software. Occasionally, a combination of hardware and software may be employed for implementing different security functions, the implementation depending upon whether the cryptographic function is for data encryption or for data authentication. Many high-end products employ a hardware-based encryption engine. It may be a separate semiconductor chip, such as a DES chip implementing a complete DEA function, or in firmware in a dedicated processor. Low-end products typically implement the encryption engine in software. Hardware solutions usually require specialized off-the-shelf chips or custom ASICs (Application Specific Integrated Circuits) which implement the complete data encryption process. The hardware is generally a "black box" which is responsible for all aspects of data encryption. The processor in which the ASIC device is used loads in a key, sets the mode of operation, and passes the data through the encryption device in either programmed I/O mode or by Direct Access Memory (DMA). The device must also incorporate a bus interface in order to interface with the processor. Such hardware approaches, while offering higher performance than software, have a number of disadvantages. They are more costly than software, and they are inflexible. Once a particular encryption algorithm is implemented in hardware, it cannot be changed. Custom ASICs are expensive and have long lead times. They are not scaleable, and once designed, faster and slower parts all have the same cost. Moreover, current hardware devices cannot be upgraded with improved encryption technology which may be developed.
Software solutions generally implement the entire data security function in a general purpose processor, such as, for example, an Intel Pentium processor. The processor is responsible for performing all of the encryption process under the control of software, and it behaves as the functional equivalent of a dedicated hardware device. Although software implementations have the advantage of low cost and flexibility, they suffer from poor performance, and are not useful for processing high data rate communications. With a typical mid-range RISC processor having a processing power of the order of 30 MIPS, typical maximum data encryption/decryption rates are of the order of only a few megabits per second (Mbps). A high end Intel Pentium processor operating at 133 MHz can sustain approximately 10 Mbps of DES encryption using software. While those rates are acceptable, its actual use in data communication devices is problematic since the processor can perform no other useful work at these rates of data encryption. Since higher performance processors are more expensive than ASICs, the cost of this system, is at least several orders of magnitude higher. If an enterprise requires 10 Mbps performance, it is impractical to implement this capability in software only.
There is, accordingly, a need for high performance data security systems and methods which provide high performance with a cost-effective and scaleable architecture, the adaptability to incorporate new or different algorithms and processes, as well as the flexibility to satisfy the needs of multiple types of users. This invention is directed to satisfying this need.